Topic: TDSS / TDL3 / TDL4 analysis

The TDL or TDSS family is a trojan variant famous for its effectiveness and active technical development. It contains a couple of components: a kernel-mode rootkit and user-mode DLLs which perform the trojan operations such as downloading, blocking AVs, etc. Since the rootkit acts as an "injector" and protector for the user-mode bot binaries, almost all technical evolutions of this threat family focus on rootkit technology so as to evade AV scanners.

As its name says, TDL3 is the 3rd generation of the TDL rootkit, which still takes aim at covering the stealthy existence of its malicious code. Besides its known features, this threat exposes a couple of impressive tricks which help it bypass personal firewalls and stay totally undetected by all AVs and ARKs at the moment. These aspects and techniques will be discussed in more detail in the sections that follow.